CLAIMS 

What is claimed is: 



1. A computer-readable medium carrying one or more sequences of instructions for
authorizing a data communication session between a client and a first server,
wherein execution of the one or more sequences of instructions by one or more
processors causes the one or more processors to perform the steps of:

receiving a request to establish the session, wherein the request is associated with
a particular entity that is associated with the client;

determining whether authorization of the session can be performed locally at a
second server;

if authorization of the session can be performed locally at the second server, then

informing the first server that the session may be established between the
client and the first server for the particular entity; and

after informing the first server, informing a third server that is
associated with the particular entity that the session has been
authorized to be established for the particular entity.



2. The computer-readable medium of claim 1 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the steps of:

if authorization of the session cannot be performed locally at the second server,
then,

requesting the third server to authorize the session between the client and
the first server; and

informing the first server, based on a response received from the third
server, whether the session may be authorized.

3. The computer-readable medium of claim 1 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of determining whether authorization of the session
can be performed locally at the second server by performing the steps of:

determining a session counter value, wherein the session counter value indicates
the number of sessions that are currently active for the particular entity;

determining a session threshold value, wherein the session threshold value
indicates a threshold as to a number of sessions that may be currently
active before sessions cannot be authorized locally by the second server;
and

comparing the session counter value with the session threshold value to determine
whether authorization of the session can be performed locally at the
second server.

4. The computer-readable medium of claim 1 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of determining whether authorization of the session
can be performed locally at the second server by performing the step of:

determining whether the second server has received a prior request for the
particular entity.

5. The computer-readable medium of claim 1 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of:

prior to receiving the request, maintaining data that is associated
with the second server, wherein the data includes,

a session counter value, wherein the session counter value indicates the
number of sessions that are currently active for the particular 
entity; and 

a session threshold value, wherein the session threshold value indicates a 
particular number of sessions that may be currently active before 
sessions cannot be authorized locally by the second server. 

6. The computer-readable medium of claim 5 wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the step of maintaining data that is associated with the 
second server by performing the step of: 

maintaining a server identifier, wherein the server identifier identifies a particular 
server that is assigned to the particular entity. 

7. The computer-readable medium of claim 1 wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the step of receiving the request to establish the session by 
performing the step of: 

receiving a connection request, wherein the connection request requests
authorization to establish a Point-to-Point Protocol connection between the
client and the first server.

8. The computer-readable medium of claim 1 wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the step of: 

identifying the third server by retrieving global data, wherein the global data maps 
a particular server to each of one or more entities. 



50325-0646 
(Seq. No. 5528) 




9. The computer-readable medium of claim 1 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of:

identifying the third server by retrieving a server identifier, wherein the server
identifier identifies a particular server that is assigned to the particular
entity.

10. The computer-readable medium of claim 1 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of informing the third server by performing the
steps of:

determining, at the third server, whether other servers have previously authorized
sessions for the particular entity; and

if other servers have previously authorized sessions for the particular entity, then
informing the other servers that the session has been authorized for the
particular entity.

11. The computer-readable medium of claim 10 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the steps of:

prior to informing the other servers,

maintaining session counter values at each of the other servers, wherein
the session counter values indicate the number of sessions that are
currently active for the particular entity; and

after being informed that the session has been authorized for the particular entity,

updating the session counter values at each of the other servers to reflect
that the session has been authorized for the particular entity.

12. The computer-readable medium of claim 1, wherein the request to establish a
session is encrypted to maintain a secure communication, and wherein execution 
of the one or more sequences of instructions by one or more processors causes the 
one or more processors to perform the steps of receiving the request based on the 
encrypted request. 

13. The computer-readable medium of claim 1, wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the step of informing the first server by informing with an 
encrypted communication. 

14. The computer-readable medium of claim 1, wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the step of informing the third server by informing with an 
encrypted communication. 

15. The computer-readable medium of claim 1, wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the step of: 

receiving at the second server a connection termination message indicating that a 
session that was authorized locally at the second server has terminated. 

16. The computer-readable medium of claim 15, wherein execution of the one or 
more sequences of instructions by one or more processors causes the one or more 
processors to perform the steps of: 

identifying an authoritative server assigned to the particular entity; and

if the second server is identified as the authoritative server for the particular
entity, then

updating global session information of the second server to reflect
termination of the terminated session.

17. A computer-readable medium carrying one or more sequences of instructions for
broadcasting session information to one or more servers, wherein execution of the
one or more sequences of instructions by one or more processors causes the one
or more processors to perform the steps of:

receiving a message from a first server, wherein the message indicates that a
session has been authorized for a particular entity;

determining whether one or more other servers have previously authorized
sessions for the particular entity; and

if one or more other servers have previously authorized sessions for the particular
entity, then

informing the one or more other servers that another session has been
authorized for the particular entity.

18. The computer-readable medium of claim 17 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of:

prior to receiving the message from the first server,

maintaining data that is associated with a second server, wherein the data includes

a session counter value, wherein the session counter value indicates the
number of sessions that are currently active for the particular
entity; and

a server list, wherein the server list identifies the one or more other servers
that have previously authorized sessions for the particular entity.

19. A computer-readable medium carrying one or more sequences of instructions for
authorizing a data communication session between a client and a server in a
network, wherein execution of the one or more sequences of instructions by one
or more processors causes the one or more processors to perform the steps of:

receiving a connection request at a distributed session counter for authorization to
establish a session between the client and the server, wherein the
connection request is associated with a particular entity;

determining whether authorization of the session can be performed locally at the
distributed session counter;

if authorization of the session can be performed locally at the distributed session
counter, then

sending an authorization granted message to the server to indicate that the
session may be established between the client and the server for
the particular entity;

identifying an authoritative distributed session counter that is associated
with the particular entity; and

after sending the authorization granted message to the server, sending an
authorization update message to the authoritative distributed
session counter, wherein the authorization update message notifies
the authoritative distribution counter that the session has been
authorized to be established for the particular entity.

20. The computer-readable medium of claim 19 wherein execution of the one or more 
sequences of instructions by one or more processors causes the one or more 
processors to perform the steps of: 

if authorization of the session cannot be performed locally at the distributed
session counter, then

sending an authorization request message to the authoritative distributed
session to request authorization to authorize the session between
the client and the server; and

sending a response to the server based on a response message that is
received from the authoritative distributed session, wherein the
response message indicates whether the session should be
authorized.

21. The computer-readable medium of claim 19, wherein global session threshold
values are assigned to indicate thresholds as to a number of sessions that may be
concurrently active for each of a plurality of entities, and wherein a particular user
is associated with two or more entities of the plurality of entities, and wherein
execution of the one or more sequences of instructions by one or more processors
causes the one or more processors to perform the step of:

for the particular user, determining whether authorization of the session can be
performed, by,

for each of the two or more entities, comparing the global threshold value
with the number of active sessions for the corresponding entity; and

if the number of active sessions for any of the entities is greater than or equal to
the corresponding global threshold value, then denying
authorization of the session.

22. The computer-readable medium of claim 19 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of determining whether authorization of the session
can be performed locally at the distributed session counter by performing the
steps of:

determining a local session counter value, wherein the local session counter value
indicates the number of sessions that are currently active for the particular
entity;

determining a local session threshold value, wherein the local session threshold
value indicates a threshold as to a number of sessions that may be
currently active before sessions cannot be authorized locally by the
distributed session counter; and

comparing the local session counter value with the local session threshold value to
determine whether authorization of the session can be performed locally at
the distributed session counter.

23. The computer-readable medium of claim 19, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more
processors to perform the step of:

maintaining distributed session information, wherein the distributed session
information includes over-subscription information that identifies for the
distributed session counter the number of times that the number of
sessions established for a particular user or group of users was greater than
the number authorized.



24. The computer-readable medium of claim 19 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of determining whether authorization of the session
can be performed locally at the distributed session counter by performing the step
of:

determining whether the distributed session counter has received a prior
connection request for the particular entity.

25. The computer-readable medium of claim 19 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of:

prior to receiving the connection request,

maintaining a connection data storage area, wherein the connection data
storage area includes

a local session counter value, wherein the local session counter
value indicates the number of sessions that are currently
active for the particular entity; and

a local session threshold value, wherein the local session threshold
value indicates a particular number of sessions that may be
currently active before sessions cannot be authorized
locally by the distributed session counter.

26. The computer-readable medium of claim 25 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of maintaining the connection data storage area by
performing the step of:

maintaining an authoritative distributed session counter identifier, wherein the
authoritative distributed session counter identifier identifies a particular
authoritative distributed session counter that is assigned to the particular
entity.

27. The computer-readable medium of claim 19 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of identifying the authoritative distributed session
counter by performing the step of:

interfacing with a global storage area, wherein the global storage area maps a
particular authoritative distributed session counter to each entity.

28. The computer-readable medium of claim 19 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of identifying the authoritative distributed session
counter by performing the step of:

retrieving an authoritative distributed session counter identifier, wherein the
authoritative distributed session counter identifier identifies the
authoritative distributed session counter that is assigned to the particular
entity.

29. The computer-readable medium of claim 19 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the step of sending the authorization update message to the
authoritative distributed session counter by performing the steps of:

determining, by the authoritative distributed session counter, whether other
distributed session counters have previously authorized sessions for the
particular entity; and

if other distributed session counters have previously authorized sessions for the
particular entity, then broadcasting an update message to the other
distributed session counters to indicate that another session has been
authorized for the particular entity.

30. The computer-readable medium of claim 29 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the steps of:

prior to the other distributed session counters receiving the update message,

maintaining a local session counter value at each of the other distributed
session counters, wherein the local session counter value indicates
the number of sessions that are currently active for the particular
entity; and

after receiving the update message,

updating the local session counter value at each of the other distributed
session counters based on the update message.

31. The computer-readable medium of claim 19, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more 
processors to perform the steps of receiving the connection request, sending an 
authorization granted message, and sending an authorization update message with 
an encrypted communication. 

32. The computer-readable medium of claim 19, wherein execution of the one or 
more sequences of instructions by one or more processors causes the one or more 
processors to perform the step of: 

maintaining distributed session information, wherein the distributed session
information includes connection identity information that identifies for the
distributed session counter the server and associated port used to establish
the session.

33. The computer-readable medium of claim 19, wherein execution of the one or 
more sequences of instructions by one or more processors causes the one or more 
processors to perform the steps of: 

receiving at the distributed session counter a connection termination message 
indicating that a session that was authorized locally at the distributed 
session counter has terminated; 

if the distributed session counter was identified as the authoritative distributed
session counter for the particular entity, then

updating global session information of the distributed session counter to
reflect termination of the terminated session;

identifying other distributed session counters that have sent an
authorization request for the particular entity; and

broadcasting a session termination message to the other distributed session
counters indicating that the session has terminated.

34. The computer-readable medium of claim 33, wherein execution of the one or
more sequences of instructions by one or more processors causes the one or more
processors to perform the steps of:

if the distributed session counter was not identified as the authoritative distributed
session counter for the particular entity, then

sending a session termination message to the authoritative distributed
session counter indicating that the session has terminated.

35. A computer-readable medium carrying one or more sequences of instructions for
broadcasting session update information to distributed session counters, wherein
execution of the one or more sequences of instructions by one or more processors
causes the one or more processors to perform the steps of:

receiving an authorization update message from a distributed session counter,
wherein the authorization update message indicates that a session has been
authorized for a particular entity;

determining whether other distributed session counters have previously authorized
sessions for the particular entity; and

if other distributed session counters have previously authorized sessions for the
particular entity, then broadcasting an update message to the other
distributed session counters, wherein the update message notifies the other
distributed session counters that another session has been authorized for
the particular entity.

36. The computer-readable medium of claim 35 wherein execution of the one or more
sequences of instructions by one or more processors causes the one or more
processors to perform the steps of:

prior to receiving the authorization update message,

maintaining a connection data storage area, wherein the connection data storage
area includes

a global session counter value, wherein the global session counter value
indicates a global value of the number of sessions that are currently
active for the particular entity; and

a local distributed session counter list, wherein the local distributed
session counter list identifies the other distributed session counters
that have previously authorized sessions for the particular entity.

37. A computer apparatus comprising:

a processor; and

a memory coupled to the processor, the memory containing one or more
sequences of instructions for authorizing a data communication session
between a client and a server in a network, wherein execution of the one
or more sequences of instructions by the processor causes the processor to
perform the steps of:

receiving a connection request at a distributed session counter for
authorization to establish a session between the client and the
server, wherein the connection request is associated with a
particular entity;

determining whether authorization of the session can be performed locally
at the distributed session counter;

if authorization of the session can be performed locally at the distributed
session counter, then

sending an authorization granted message to the server to indicate
that the session may be established between the client and
the server for the particular entity;

identifying an authoritative distributed session counter that is
associated with the particular entity; and

after sending the authorization granted message to the server,
sending an authorization update message to the authoritative
distributed session counter, wherein the authorization
update message notifies the authoritative distribution
counter that the session has been authorized to be
established for the particular entity.

38. The computer apparatus of claim 37, wherein execution of the one or more
sequences of instructions by the processor causes the processor to perform the
steps of:

if authorization of the session cannot be performed locally at the distributed
session counter, then

sending an authorization request message to the authoritative distributed
session to request authorization to authorize the session between
the client and the server; and

sending a response to the server based on a response message that is
received from the authoritative distributed session, wherein the
response message indicates whether the session should be
authorized.

39. The computer apparatus of claim 37, wherein execution of the one or more
sequences of instructions by the processor causes the processor to perform the
steps of determining whether authorization of the session can be performed
locally at the distributed session counter by performing the steps of:

determining a local session counter value, wherein the local session counter value
indicates the number of sessions that are currently active for the particular
entity;

determining a local session threshold value, wherein the local session threshold
value indicates a threshold as to a number of sessions that may be
currently active before sessions cannot be authorized locally by the
distributed session counter; and

comparing the local session counter value with the local session threshold value to
determine whether authorization of the session can be performed locally at
the distributed session counter.

40. The computer apparatus of claim 37, wherein execution of the one or more
sequences of instructions by the processor causes the processor to perform the
steps of:

prior to receiving the connection request,

maintaining a connection data storage area, wherein the connection data
storage area includes

a local session counter value, wherein the local session counter
value indicates the number of sessions that are currently
active for the particular entity; and

a local session threshold value, wherein the local session threshold
value indicates a particular number of sessions that may be
currently active before sessions cannot be authorized
locally by the distributed session counter.

41. The computer apparatus of claim 37, wherein the distributed session counter is
constituent to an Authentication, Authorization, and Accounting server.

42. A computer apparatus comprising:

a processor; and

a memory coupled to the processor, the memory containing one or more
sequences of instructions for broadcasting session update information to
distributed session counters, wherein execution of the one or more
sequences of instructions by the processor causes the processor to perform
the steps of:

receiving an authorization update message from a distributed session
counter, wherein the authorization update message indicates that a
session has been authorized for a particular entity;

determining whether other distributed session counters have previously
authorized sessions for the particular entity; and

if other distributed session counters have previously authorized sessions
for the particular entity, then broadcasting an update message to
the other distributed session counters, wherein the update message
notifies the other distributed session counters that another session
has been authorized for the particular entity.

43. An apparatus for authorizing a data communication session between a client and a
first server, the apparatus comprising:

means for receiving a request to establish the session, wherein the request is
associated with a particular entity that is associated with the client;

means for determining whether authorization of the session can be performed
locally at a second server;

if authorization of the session can be performed locally at the second server, then

means for informing the first server that the session may be established
between the client and the first server for the particular entity; and

means for informing a third server that is associated with the particular
entity that the session has been authorized to be established for the
particular entity after informing the first server.

44. An apparatus for broadcasting session information to one or more servers, the
apparatus comprising:

means for receiving a message from a first server, wherein the message indicates
that a session has been authorized for a particular entity;

means for determining whether one or more other servers have previously
authorized sessions for the particular entity; and

if one or more other servers have previously authorized sessions for the particular
entity, then means for informing the one or more other servers that another
session has been authorized for the particular entity.

45. An apparatus for authorizing a data communication session between a client and a
server in a network, the apparatus comprising:

means for receiving a connection request at a distributed session counter for
authorization to establish a session between the client and the server,
wherein the connection request is associated with a particular entity;

means for determining whether authorization of the session can be performed
locally at the distributed session counter;

if authorization of the session can be performed locally at the distributed session
counter, then

means for sending an authorization granted message to the server to
indicate that the session may be established between the client and
the server for the particular entity;

means for identifying an authoritative distributed session counter that is
associated with the particular entity; and

means for sending an authorization update message to the authoritative
distributed session counter, wherein the authorization update
message notifies the authoritative distribution counter that the
session has been authorized to be established for the particular
entity after sending the authorization granted message to the
server.

46. An apparatus for broadcasting session update information to distributed session
counters, the apparatus comprising:

means for receiving an authorization update message from a distributed session
counter, wherein the authorization update message indicates that a session
has been authorized for a particular entity;

means for determining whether other distributed session counters have previously
authorized sessions for the particular entity; and

if other distributed session counters have previously authorized sessions for the
particular entity, then

means for broadcasting an update message to the other distributed session
counters, wherein the update message notifies the other distributed
session counters that another session has been authorized for the
particular entity.
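The message flow of claims 19 to 22, 29, 30, 33 and 34, modelled in Python as an added example that is not code from the patent or its applicant. The names `Network`, `DSC` and `simulate` are hypothetical, and where the claims are silent the model assumes that a counter's first request for an entity always goes to the authoritative counter and that updates are counter deltas delivered in FIFO order. It shows the over-subscription that claim 23 records: because the grant is sent before the update, a local threshold equal to the global limit lets two counters together exceed that limit.

```python
from collections import deque

class Network:
    """Constructed in-memory stand-in for the links between session counters."""

    def __init__(self, authority):
        self.authority = authority   # global data: entity -> authoritative DSC name
        self.nodes = {}
        self.pending = deque()       # update messages sent but not yet delivered

    def deliver(self):
        """Deliver queued messages in FIFO order (relays may enqueue more)."""
        while self.pending:
            dest, kind, entity, sender = self.pending.popleft()
            self.nodes[dest].on_update(kind, entity, sender)

class DSC:
    """One distributed session counter (hypothetical class, not from the patent)."""

    def __init__(self, name, net, local_threshold, global_limits):
        self.name, self.net = name, net
        self.local_threshold = local_threshold
        self.count = {}              # entity -> sessions this DSC believes active
        # Global state is kept only for entities this DSC is authoritative for.
        self.limit = {e: n for e, n in global_limits.items()
                      if net.authority[e] == name}
        self.peers = {e: set() for e in self.limit}   # DSCs that asked about e
        self.oversub = {e: 0 for e in self.limit}     # times count exceeded limit
        net.nodes[name] = self

    def request(self, entity):
        """Handle a connection request; True means 'authorization granted'."""
        auth = self.net.nodes[self.net.authority[entity]]
        if auth is self:
            return self.authorize(entity, self.name)[0]
        seen = entity in self.count  # prior request for this entity?
        if seen and self.count[entity] < self.local_threshold:
            # Local decision: grant first, tell the authoritative DSC afterwards.
            self.count[entity] += 1
            self.net.pending.append((auth.name, "authorized", entity, self.name))
            return True
        # Not decidable locally: synchronous request to the authoritative DSC.
        granted, snapshot = auth.authorize(entity, self.name)
        if not seen:
            self.count[entity] = snapshot
        elif granted:
            self.count[entity] += 1
        return granted

    def authorize(self, entity, requester):
        """Authoritative decision; returns (granted, global count afterwards)."""
        if requester != self.name:
            self.peers[entity].add(requester)
        n = self.count.get(entity, 0)
        if n >= self.limit[entity]:
            return False, n
        self.count[entity] = n + 1
        self._broadcast("authorized", entity, exclude=requester)
        return True, n + 1

    def terminate(self, entity):
        """A session this DSC authorized has ended."""
        self.count[entity] = max(0, self.count.get(entity, 0) - 1)
        auth_name = self.net.authority[entity]
        if auth_name == self.name:
            self._broadcast("terminated", entity, exclude=self.name)
        else:
            self.net.pending.append((auth_name, "terminated", entity, self.name))

    def on_update(self, kind, entity, sender):
        """Apply an 'authorized' or 'terminated' update; relay if authoritative."""
        delta = 1 if kind == "authorized" else -1
        self.count[entity] = max(0, self.count.get(entity, 0) + delta)
        if entity in self.limit:
            if delta == 1 and self.count[entity] > self.limit[entity]:
                self.oversub[entity] += 1
            self._broadcast(kind, entity, exclude=sender)

    def _broadcast(self, kind, entity, exclude):
        for peer in sorted(self.peers[entity] - {exclude}):
            self.net.pending.append((peer, kind, entity, self.name))

def simulate(local_threshold, global_limit):
    """Burst at two edge DSCs; returns (grants, authoritative count, oversub)."""
    net = Network({"corp": "dsc-A"})                  # constructed sample entity
    a, b, c = (DSC(n, net, local_threshold, {"corp": global_limit})
               for n in ("dsc-A", "dsc-B", "dsc-C"))
    grants = [b.request("corp"), c.request("corp")]   # first contact goes to dsc-A
    net.deliver()
    for _ in range(2):               # burst: no update is delivered in between
        grants += [b.request("corp"), c.request("corp")]
    net.deliver()
    return sum(grants), a.count["corp"], a.oversub["corp"]

if __name__ == "__main__":
    print(simulate(local_threshold=4, global_limit=4))
    print(simulate(local_threshold=4, global_limit=6))
```

With two edge counters, leaving headroom between the local threshold and the global limit (the second call) absorbs the in-flight local grants; lowering the local threshold to the already-known count forces every request through the authoritative counter instead.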



